Staff members of the Federal Trade Commission did some undercover work to find that at least 10 data brokers could be violating the Fair Credit Reporting Act, which aims to protect the privacy and other rights of consumers.
The FTC sent letters to these companies after a “test-shopping operation” indicated they were willing to sell consumer information without abiding by FCRA requirements.
FTC staff members posed as individuals or representatives of companies seeking information about consumers “to make decisions related to their creditworthiness, eligibility for insurance or suitability for employment,” the agency said.
Data brokering companies that collect, distribute or sell this information are considered consumer reporting agencies under the FCRA.
That means the companies must “reasonably verify the identities of their customers and make sure that these customers have a legitimate purpose for receiving the information,” the FTC said.
This requirement ensures that the privacy of sensitive consumer report information is protected, such as credit histories and creditors.
Of the 45 companies contacted by FTC staff in the test-shopper operation, 10 appear to violate the FCRA, the agency said.
The FTC issued the letters this week in conjunction with an international “privacy practice transparency” sweep by the Global Privacy Enforcement Network (GPEN).
The network connects foreign authorities to promote cooperation in cross-border enforcement of laws protecting privacy.
Several GPEN national members are taking steps this week to ensure that companies meet their obligations related to the privacy of consumers’ personal information.
The ten companies receiving the warning letters from the FTC include:
- Two companies that appeared to offer “pre-screened” lists of consumers for use in making firm offers of credit: ConsumerBase and one additional company;
- Two companies that appeared to offer consumer information for use in making insurance decisions: Brokers Data and US Data Corporation; and
- Six companies that appeared to offer consumer information for employment purposes: Crimcheck.com, 4Nannies, U.S. Information Search, People Search Now, Case Breakers, and USA People Search.
The FTC said the letters are “not an official notice by the Commission that any of the named companies is subject to the requirements of the FCRA, nor do the letters lay out any formal complaints against the companies.”
But they serve to remind the companies to evaluate their practices to determine whether they are consumer reporting agencies. If they are, then they must determine how to comply with that law.